Cyber recovery is becoming a partner-led conversation, not just an IT function. As attacks increasingly persist inside backup data and sensitive information spreads across cloud and AI environments, customers are asking a more specific question: Can you guarantee that what gets restored is actually clean?
That shift is creating a new services opportunity for MSPs and MSSPs. It moves the focus from backup management to validated recovery, data visibility, and governance across environments. Commvault’s latest updates reflect this change, bringing threat detection, data governance, and recovery into a single workflow that partners can package and deliver as part of a broader resilience offering.
Recovery Now Depends on What’s Inside Your Backups
Commvault has expanded its
Threat Scan capabilities to help organizations inspect backup data before restoring it. That shift matters because attackers often embed malicious code across systems over time, and restoring infected backups can restart the attack cycle.
Alan Atkinson, Chief Business Development Officer at Commvault, explained the risk in practical terms. He told ChannelE2E, “Cyber criminals often lurk in environments for days or weeks before actually launching their attack. This gives them time to compromise data and insert back doors. They know you’ll restore data from backup and they’re hoping that you restore their access or the malware they planted.”
The update introduces two layers of detection. One focuses on identifying known indicators of compromise using hashes and pattern-based rules. The other goes deeper with file-level inspection, using machine learning and behavioral analysis to catch threats that do not match known signatures.
Atkinson said the goal is to insert a validation step before recovery begins: “Threat Scan and our latest threat hunting capabilities enable security teams to scan data and look for threats before you perform a recovery. This helps provide a final check that the data you’re recovering is clean.”
This approach addresses a long-standing tradeoff in recovery decisions. Atkinson says, “Legacy solutions often force customers to choose between restoring an old ‘known-clean’ backup (losing data) or the most recent one (risking reinfection).” He added that Commvault’s approach “eliminates this dilemma by giving organizations layered detection of threats and innovative new techniques to recover clean data in a way that quarantines threats while keeping your good data.”
From Detection to Clean Recovery
What stands out is how Commvault connects detection directly to recovery. Its Synthetic Recovery capability allows teams to isolate and remove compromised data during the recovery process itself, rather than treating detection and restoration as separate workflows.
Atkinson described how that works in practice: “With Commvault’s threat hunting capabilities within Threat Scan, enterprises can benefit through Synthetic Recovery, which uses patent-pending AI technology and includes Commvault surgically removing only the compromised datasets during the restoration process.”
For MSSPs managing multiple environments, that linkage becomes more relevant. “Commvault integrates threat and anomaly detection with its patent-pending Synthetic Recovery technology,” Atkinson said. “Once a threat is identified via Threat Scan, AI-enabled Synthetic Recovery can surgically remove compromised data during the restoration process, so that only clean data is returned to production systems.”
He also pointed to the combination of detection methods as a differentiator: “Commvault's offering is unique in that it offers both Hyper Threat Hunting using file hashes and YARA rules and deep file inspection using AI/ML detection tools. Other tools do not offer both of these capabilities together.”
This signals a shift in how recovery is handled. It is no longer just about restoring systems quickly. It is about restoring systems safely, with confidence that the recovered data will not reintroduce risk.
Data Risk Is Expanding Beyond Backups
At the same time,
Commvault is extending its focus beyond backup environments into live data systems, including structured databases and AI-driven workloads. The company is adding real-time data access governance and expanding its data security posture management capabilities to cover structured and vector data used in AI applications.
Atkinson framed this as a visibility and control problem across all data types: “Commvault’s solutions will arm enterprises with proactive discovery, classification, and access control across their structured and unstructured data.”
The updates also introduce real-time governance for structured data environments. “With new Access Governance capabilities powered by Commvault’s acquisition of Satori, they benefit from real-time access governance for modern structured data, such as AI-intensive vector databases, which helps reduce data leakage into and out of AI tools while maintaining compliance,” he said.
This matters because sensitive data is increasingly scattered across environments that traditional tools were not designed to monitor. AI systems can surface or expose that data in ways organizations do not fully understand.
Bringing Data Security and Recovery Into One Workflow
What Commvault is trying to do here goes beyond adding visibility. It is about connecting data security directly to resilience outcomes.
Atkinson highlighted the gap in current approaches: “Many DSPM solutions focus on identifying sensitive data and assigning risk scores, but they stop at visibility.” He added that Commvault brings “data discovery, risk assessment, and real-time access controls together within the same platform that customers already use for backup and recovery.”
That integration extends into enforcement. “Commvault further extends beyond discovery by enabling policy enforcement at query time including just-in-time access and dynamic data masking across structured data platforms and unstructured environments,” he said.
More importantly, those controls are tied back to recovery. “Unlike point solutions that operate independently of backup and recovery systems, Commvault connects data visibility and access controls directly to cyber resilience and cyber recovery workflows, enabling organizations to reduce risk before an incident and recover more effectively afterward.”
NetApp and Commvault partnership
Commvault has also partnered with NetApp to tighten the link between early threat detection and recovery across hybrid environments. The companies are combining NetApp’s AI-driven ransomware detection at the storage layer with Commvault’s backup, threat scanning, and recovery capabilities to create a closed-loop approach to cyber resilience. The goal is to identify threats closer to where data lives, then use that signal to guide faster and cleaner recovery decisions. This approach addresses a common issue where attacks spread across both primary systems and backups before detection, leading to longer downtime and higher data loss. By connecting detection and recovery into a single workflow, the alliance is aimed at helping organizations reduce recovery time, limit the impact of attacks, and maintain continuity across cloud and on-prem environments.
For partners, this is less about adding another tool and more about expanding the scope of what they deliver. Validated recovery, data access governance, and AI-related data controls are starting to converge into a single service layer. That opens up new ways to build recurring revenue, whether through recovery validation services, data risk assessments, or ongoing governance tied to AI and cloud environments. It also raises the bar on differentiation. Customers will expect providers to do more than restore systems. They will expect proof that recovered environments are clean, that sensitive data is controlled, and that risks are reduced before and after an incident. This is where the market is moving. Recovery is no longer the end of the process. It is becoming a core part of how partners deliver security, resilience, and long-term customer value.